Version 11 (modified by ejhernandez@…, 7 years ago)

When CA revoking is made, all issued certs are revoked as well

Goal

Provide a Certification Authority to handle certificate based authorization

Requirements

  • CA Certificate
    • Create
    • Revoke
    • Renew
    • Download CA public key
    • Control TO-DO
  • Certificate
    • Issue
    • Revoke
    • List
    • Renew
    • Download private and public keys, removing private key from eBox
    • Control TO-DO
  • Other modules (e.g. OpenVPN) will be able to access CA to create and retrieve keys

Design

  • OpenSSL will be used (CPAN binding or command-line interface)
  • CA Certificate
    • Create: Organization, Expiry Date, CA Passphrase (the remaining fields can be set through the API)
    • Revoke: CA Certificate, CA Passphrase, Reason (optional) -> revokes all currently issued certificates
    • Renew: CA Certificate, Expiry Date, CA Passphrase (re-signs all the valid certificates with the same expiry date)
    • Download Public CA Key -> File in PEM Format
    • Control TO-DO
  • Certificate
    • Issue: Common Name (Key), Expiry Date, User Passphrase, CA Passphrase (the remaining fields can be set through the API)
    • Revoke: Certificate to revoke (by CN), CA Passphrase, Reason (optional)
    • List -> per certificate: Common Name, State (Revoked, Valid or Expired), Expiry Date (plus revocation date and reason for revoked certificates)
    • Renew: Certificate to renew (by CN), Expiry Date, CA Passphrase
    • Download Keys -> Public and Private keys in PEM format (erasing the private one, if it exists)
    • Control TO-DO
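
A sketch of the Certificate "List" operation, added here as an example and not taken from the eBox code base. It assumes the CA is driven through the `openssl ca` command-line interface, which records issued certificates in a tab-separated database file (`index.txt`); the function names and the sample database are constructed for illustration.

```python
from datetime import datetime, timezone
import re

# Constructed sample of an `openssl ca` database. Tab-separated fields:
# status flag, expiry, revocation date[,reason], serial, filename, subject DN
SAMPLE_INDEX = (
    "V\t300101000000Z\t\t01\tunknown\t/O=Example Org/CN=vpn-server\n"
    "R\t300101000000Z\t240305101500Z,keyCompromise\t02\tunknown"
    "\t/O=Example Org/CN=vpn-client1\n"
    "V\t200101000000Z\t\t03\tunknown\t/O=Example Org/CN=old-laptop\n"
)

def parse_time(stamp):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if len(stamp) == 13:
        # X.509 UTCTime rule: two-digit years 00-49 are 20xx, 50-99 are 19xx
        stamp = ("20" if stamp[:2] < "50" else "19") + stamp
    return datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def list_certificates(index_text, now=None):
    """Return one dict per certificate: cn, serial, state, expiry, revoked_at, reason."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for line in index_text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"malformed index line: {line!r}")
        flag, expiry, revocation, serial, _filename, subject = fields
        cn = re.search(r"/CN=([^/]+)", subject)
        row = {"cn": cn.group(1) if cn else None, "serial": serial,
               "expiry": parse_time(expiry), "revoked_at": None, "reason": None}
        if flag == "R":
            # Revocation wins over expiry so the date and reason stay visible
            stamp, _, reason = revocation.partition(",")
            row.update(state="Revoked", revoked_at=parse_time(stamp),
                       reason=reason or None)
        elif flag == "E" or row["expiry"] <= now:
            # Entries keep flag 'V' until `openssl ca -updatedb` is run,
            # so the expiry date is compared instead of trusting the flag
            row["state"] = "Expired"
        else:
            row["state"] = "Valid"
        rows.append(row)
    return rows

if __name__ == "__main__":
    for r in list_certificates(SAMPLE_INDEX):
        print(r["cn"], r["state"], r["expiry"].date(), r["revoked_at"], r["reason"])
```
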